Meraki

Community

Meraki Local Authentication - MR 802.1X

Solved
ajtsystems
Comes here often
‎Sep 16 2023 5:03 AM
‎Sep 16 2023 5:03 AM

Meraki Local Authentication - MR 802.1X

I've been reading this article https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

 

Which says that Meraki MR Local Auth can authenticate user certificates but I need to know if it can authenticate Machine certificates in the same way?

 

I'm trying to remove the requirement for a RADIUS server, which this looks like it does by running RADIUS locally on the MR.

 

Thanks

0 Kudos
1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 16 2023 7:24 AM
‎Sep 16 2023 7:24 AM

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

3 Replies 3
alemabrahao
Kind of a big deal
‎Sep 16 2023 5:48 AM
‎Sep 16 2023 5:48 AM

As far as I know, user-level authentication is only possible with local authentication.

 

Basically what the AP does is store user information in cache and thus it can maintain authentication in case of communication failure with the LDAP server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 16 2023 7:24 AM
‎Sep 16 2023 7:24 AM

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 18 2023 12:27 AM
‎Sep 18 2023 12:27 AM

For local certificate authenticate, you upload a root CA certificate.  The MR will alow anything to authenticate that uses a certificate from that root CA certificate.

 

It doesn't matter if it is a user or a machine.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.